computer-automation
Fail
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the AI agent to execute shell commands using the Bash tool where user-provided natural language is interpolated into command arguments, such as the
--promptand--locateparameters. This pattern is vulnerable to command injection if the user input contains shell metacharacters (e.g., backticks, pipes, or semicolons), potentially allowing the execution of arbitrary commands on the host system. - [REMOTE_CODE_EXECUTION]: The skill relies on
npxto fetch and execute the@midscene/computerpackage dynamically from the npm registry during runtime. - [DATA_EXFILTRATION]: The skill captures screenshots of the desktop to perform vision-based automation. This creates a surface for the accidental exposure of sensitive data (such as credentials, private messages, or financial information) that may be visible on the screen during the automation process.
Recommendations
- AI detected serious security threats
Audit Metadata